Signify: Cryptographically Sign and Verify Files
From Whonix
Introduction
Written in 2014 for OpenBSD, signify is a tool to cryptographically sign and verify files: [1]
It only supports a single algorithm, Ed25519, created by djb and his gang. It’s fast, immune to timing attacks by design, produces deterministic signatures, uses small keys and produces small signatures, … it does look like a sound choice.
Signify's main benefit is that it has a small codebase and is not based on GnuPG. On the downside, there is no revocation mechanism [2] and the trust path relies on getting the key directly from a trusted developer. [1]
Signify's usage is not limited to OpenBSD; the tool has also been packaged in Debian. [3] To learn more about signify, refer to this blog post by the original author.
Installation and Usage
In the steps below, installing package qrencode is optional and only needed if you intend to create QR codes.
1. Install signify.
Install signify-openbsd qrencode.
   1. Update the package lists.
   sudo apt update
   2. Upgrade the system.
   sudo apt full-upgrade
   3. Install the signify-openbsd qrencode package.
   Using apt command line parameter --no-install-recommends is in most cases optional.
   sudo apt install --no-install-recommends signify-openbsd qrencode
   4. Done.
   The procedure of installing signify-openbsd qrencode is complete.
2. Create a key.
This only needs to be done once unless multiple keys are desired; in that case different key names should be used. In the following example, keyname is used as the sample key name.
signify-openbsd -G -p keyname.pub -s keyname.sec
3. Optional: Add a key comment.
Replace comments here with the actual comment but keep the surrounding " characters. The comment could be a name, position, website, e-mail address and/or anything else.
signify-openbsd -G -p keyname.pub -s keyname.sec -c "comments here"
Note:
- The private key file keyname.sec needs to stay private -- never share keyname.sec with anyone as this would defeat the purpose of signing files!
- The public key file keyname.pub can be shared with anyone.
4. Utilize signify.
To sign a file message.txt (which has to be created by the user beforehand):
signify-openbsd -S -s keyname.sec -m message.txt
This will create a signature file message.txt.sig.
To verify a file message.txt with signature file message.txt.sig:
signify-openbsd -V -p keyname.pub -m message.txt
5. Optional: Create a QR code for the public key.
qrencode -r keyname.pub -o keyname.pub.png
File keyname.pub.png would be the QR code of the public key.
Refer to the Debian signify-openbsd Manual Page for further options.
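The sign and verify steps above, run end to end together with the two cases in which verification must fail (a key other than the signer's, and a file modified after signing). This is an added example, not part of the original wiki page. It assumes signify-openbsd is installed as in step 1; the -n option (no passphrase prompt, from the signify manual page) and the second key pair other.pub / other.sec are not on the page and are used here only for throwaway demo keys.

```shell
#!/bin/sh
# Added example (not from the Whonix wiki): sign/verify round trip plus the
# two failure cases. File names and the message content are constructed.

# verify_file PUBKEY FILE
# Succeeds only if FILE matches FILE.sig under PUBKEY. Every error (bad
# signature, wrong key, missing file, missing tool) is a non-zero status,
# so callers can refuse to use FILE unless this returns 0.
verify_file() {
    signify-openbsd -V -p "$1" -m "$2" >/dev/null 2>&1
}

# report LABEL PUBKEY FILE: print one result line for a verification attempt.
report() {
    if verify_file "$2" "$3"; then echo "$1: verified"
    else echo "$1: rejected"; fi
}

# signify_demo
# Runs inside a subshell in a throwaway directory, so nothing is left behind.
signify_demo() (
    dir=$(mktemp -d) || exit 1
    trap 'rm -rf "$dir"' EXIT
    cd "$dir" || exit 1

    # -n: do not ask for a passphrase. Acceptable for throwaway keys only.
    signify-openbsd -G -n -p keyname.pub -s keyname.sec || exit 1
    signify-openbsd -G -n -p other.pub -s other.sec || exit 1

    printf 'constructed sample message\n' > message.txt
    signify-openbsd -S -s keyname.sec -m message.txt || exit 1

    report "untouched" keyname.pub message.txt   # signer's key, same bytes
    report "wrong key" other.pub message.txt     # valid key, not the signer's

    printf 'x' >> message.txt                    # modify after signing
    report "tampered" keyname.pub message.txt
)
```

Calling signify_demo prints one line per case; only the first case should be reported as verified.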
Footnotes
1. https://isopenbsdsecu.re/mitigations/signify/
2. Meaning if the key is stolen, people can only be informed the key should not be trusted anymore.
3. https://packages.debian.org/bullseye/signify-openbsd